163 lines
6.7 KiB
Bash
Executable File
163 lines
6.7 KiB
Bash
Executable File
GBP="Group-Based Policy"
|
|
[[ $ENABLE_NFP = True ]] && NFP="Network Function Plugin"
|
|
|
|
function gbp_configure_nova {
|
|
iniset $NOVA_CONF neutron allow_duplicate_networks "True"
|
|
}
|
|
|
|
function gbp_configure_heat {
|
|
local HEAT_PLUGINS_DIR="/opt/stack/gbpautomation/gbpautomation/heat"
|
|
iniset $HEAT_CONF DEFAULT plugin_dirs "$HEAT_PLUGINS_DIR"
|
|
}
|
|
|
|
function gbp_configure_neutron {
|
|
iniset $NEUTRON_CONF group_policy policy_drivers "implicit_policy,resource_mapping,chain_mapping"
|
|
iniset $NEUTRON_CONF group_policy extension_drivers "proxy_group"
|
|
iniset $NEUTRON_CONF servicechain servicechain_drivers "simplechain_driver"
|
|
iniset $NEUTRON_CONF node_composition_plugin node_plumber "stitching_plumber"
|
|
iniset $NEUTRON_CONF node_composition_plugin node_drivers "heat_node_driver"
|
|
iniset $NEUTRON_CONF quotas default_quota "-1"
|
|
iniset $NEUTRON_CONF quotas quota_network "-1"
|
|
iniset $NEUTRON_CONF quotas quota_subnet "-1"
|
|
iniset $NEUTRON_CONF quotas quota_port "-1"
|
|
iniset $NEUTRON_CONF quotas quota_security_group "-1"
|
|
iniset $NEUTRON_CONF quotas quota_security_group_rule "-1"
|
|
iniset $NEUTRON_CONF quotas quota_router "-1"
|
|
iniset $NEUTRON_CONF quotas quota_floatingip "-1"
|
|
iniset $NEUTRON_CONF agent extensions "qos"
|
|
}
|
|
|
|
function nfp_configure_neutron {
|
|
NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
|
|
iniset $NEUTRON_CONF keystone_authtoken project_name "service"
|
|
iniset $NEUTRON_CONF keystone_authtoken username "neutron"
|
|
iniset $NEUTRON_CONF keystone_authtoken password $ADMIN_PASSWORD
|
|
iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
|
|
iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
|
|
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
|
|
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_password $ADMIN_PASSWORD
|
|
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name "service"
|
|
if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then
|
|
iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default"
|
|
fi
|
|
iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "False"
|
|
iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
|
|
extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers)
|
|
if [[ -n $extn_drivers ]];then
|
|
iniset $NEUTRON_ML2_CONF ml2 extension_drivers $extn_drivers,port_security
|
|
else
|
|
iniset $NEUTRON_ML2_CONF ml2 extension_drivers port_security
|
|
fi
|
|
}
|
|
|
|
function configure_nfp_loadbalancer {
|
|
echo "Configuring NFP Loadbalancer plugin driver"
|
|
LBAAS_SERVICE_PROVIDER=LOADBALANCERV2:loadbalancerv2:gbpservice.contrib.nfp.service_plugins.loadbalancer.drivers.nfp_lbaasv2_plugin_driver.HaproxyOnVMPluginDriver:default
|
|
sudo\
|
|
sed\
|
|
-i\
|
|
'/^service_provider.*:default/'\
|
|
's'/\
|
|
':default'/\
|
|
'\n'\
|
|
"service_provider = $LBAAS_SERVICE_PROVIDER"/\
|
|
/etc/neutron/neutron_lbaas.conf
|
|
}
|
|
|
|
function configure_nfp_firewall {
|
|
echo "Configuring NFP Firewall plugin"
|
|
sudo\
|
|
sed\
|
|
-i\
|
|
'/^service_plugins/'\
|
|
's'/\
|
|
'neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin'/\
|
|
'gbpservice.contrib.nfp.service_plugins.firewall.nfp_fwaas_plugin.NFPFirewallPlugin'/\
|
|
/etc/neutron/neutron.conf
|
|
}
|
|
|
|
function configure_nfp_vpn {
|
|
echo "Configuring NFP VPN plugin driver"
|
|
sudo\
|
|
sed\
|
|
-i\
|
|
'/^service_provider.*IPsecVPNDriver:default/'\
|
|
's'/\
|
|
':default'/\
|
|
'\n'\
|
|
'service_provider = VPN:vpn:gbpservice.contrib.nfp.service_plugins.vpn.drivers.nfp_vpnaas_driver.NFPIPsecVPNDriver:default'/\
|
|
/etc/neutron/neutron_vpnaas.conf
|
|
}
|
|
|
|
# Process contract
|
|
if is_service_enabled group-policy; then
|
|
if [[ "$1" == "stack" && "$2" == "pre-install" ]]; then
|
|
echo_summary "Preparing $GBP"
|
|
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
|
|
echo_summary "Installing $GBP"
|
|
[[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]] && install_apic_aim
|
|
if [[ $ENABLE_NFP = True ]]; then
|
|
echo_summary "Installing $NFP"
|
|
prepare_nfp_image_builder
|
|
fi
|
|
if [[ $ENABLE_NSX_POLICY = True ]]; then
|
|
echo_summary "Installing NSX Policy requirements"
|
|
prepare_nsx_policy
|
|
fi
|
|
|
|
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
|
echo_summary "Configuring $GBP"
|
|
# REVIST Ideally, we should be configuring nova, heat and UI as well for GBP in the
|
|
# GBP devstack gate job. However, contrary to the documentation, this block
|
|
# of code is not being invoked by devstack after the nova, heat and
|
|
# dashboard config files have been created. Once this is sorted out, the
|
|
# ENABLE_GBP_GATE variable can be eliminated.
|
|
[[ $ENABLE_GBP_GATE = False && $ENABLE_APIC_AIM_GATE = False ]] && gbp_configure_nova
|
|
[[ $ENABLE_GBP_GATE = False && $ENABLE_APIC_AIM_GATE = False ]] && gbp_configure_heat
|
|
gbp_configure_neutron
|
|
|
|
if [[ $ENABLE_NSX_POLICY = True ]]; then
|
|
echo_summary "Configuring NSX"
|
|
nsx_configure_neutron
|
|
fi
|
|
if [[ $ENABLE_NFP = True ]]; then
|
|
echo_summary "Configuring $NFP"
|
|
nfp_configure_neutron
|
|
if [[ $NFP_DEVSTACK_MODE = advanced ]]; then
|
|
configure_nfp_loadbalancer
|
|
configure_nfp_firewall
|
|
configure_nfp_vpn
|
|
fi
|
|
fi
|
|
# REVISIT move installs to install phase?
|
|
install_gbpclient
|
|
install_gbpservice
|
|
[[ $ENABLE_NFP = True ]] && install_nfpgbpservice
|
|
init_gbpservice
|
|
[[ $ENABLE_NFP = True ]] && init_nfpgbpservice
|
|
[[ $ENABLE_GBP_GATE = False && $ENABLE_APIC_AIM_GATE = False ]] && install_gbpheat
|
|
[[ $ENABLE_GBP_GATE = False && $ENABLE_APIC_AIM_GATE = False ]] && install_gbpui
|
|
[[ $ENABLE_APIC_AIM = True || $ENABLE_APIC_AIM_GATE = True ]] && configure_apic_aim
|
|
[[ $ENABLE_GBP_GATE = False && $ENABLE_APIC_AIM_GATE = False ]] && stop_apache_server
|
|
[[ $ENABLE_GBP_GATE = False && $ENABLE_APIC_AIM_GATE = False ]] && start_apache_server
|
|
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
|
echo_summary "Initializing $GBP"
|
|
if [[ $ENABLE_NFP = True ]]; then
|
|
echo_summary "Initializing $NFP"
|
|
assign_user_role_credential
|
|
create_nfp_gbp_resources
|
|
create_nfp_image
|
|
[[ $NFP_DEVSTACK_MODE = advanced ]] && launch_configuratorVM
|
|
copy_nfp_files_and_start_process
|
|
fi
|
|
fi
|
|
|
|
if [[ "$1" == "unstack" ]]; then
|
|
echo_summary "Removing $GBP"
|
|
fi
|
|
|
|
if [[ "$1" == "clean" ]]; then
|
|
echo_summary "Cleaning $GBP"
|
|
fi
|
|
fi
|